March 15, 2017 By Rick M Robinson 2 min read

Artificial intelligence (AI) and its role in security was a hot topic at last month’s RSA Conference in San Francisco. But some cold water was also being thrown on the growing tendency of vendors to use AI, especially machine learning, as marketing hype.

AI indeed “moves the needle,” Zulfikar Ramzan, the RSA chief technology officer (CTO), said at the conference. But, he added, “the real open question to me is how much has that needle actually moved in practice?”

To cut through the marketing hype, it is necessary to understand the real capabilities and limitations of artificial intelligence in security.

Distinguishing Substance From Hype

Some of what is being hyped as artificial intelligence breakthroughs is actually well-established technology. For example, Ramzan noted that the use of machine learning to recognize and identify hostile traffic is the basis of familiar tools such as spam filters.

Machine learning technology continues to improve. It is particularly useful in roles such as spotting attacks that do not involve malware, where the overall pattern identifies the attack as a threat. But the hype threatens to produce what Ramzan called a “lemons market” in which security customers cannot readily tell which vendors are offering real value.

Artificial Intelligence and the Security Data Challenge

Other security observers point to the sheer volume of traffic data as a key area where artificial intelligence can make an effective contribution.

“Right now, it’s an issue of volume. There’s just not enough people to do the work,” Mike Buratowski, senior vice president of Fidelis Cybersecurity, said at RSA. In this situation, he continued, AI technology “can crunch so much data and present it to somebody.”

In this application, AI works hand in hand, so to speak, with the human intelligence of security analysts. A high-level AI such as Watson can monitor enormous amounts of raw traffic data and look for patterns that it can then pass on to human analysts for closer examination and evaluation. In turn, interaction with its human colleagues allows the AI to refine its search algorithms.

The Future of Cognitive Security

Other innovative approaches to artificial intelligence in security include scanning messaging and other patterns on web forums and related sites associated with black market activities. As in network traffic analysis, the role of AI in tracking the Dark Web is to examine very large volumes of unstructured data — big data in the truest sense — for patterns that can then be further scrutinized by human expertise.

Given the rate at which big data is getting even bigger, the demand for this type of AI augmentation of threat intelligence is sure to grow. This will only expand the possibilities of AI and cognitive computing in the security space.

Listen to the podcast: The Cognitive Transformation is for Everyone

More from Artificial Intelligence

AI and cloud vulnerabilities aren’t the only threats facing CISOs today

6 min read - With cloud infrastructure and, more recently, artificial intelligence (AI) systems becoming prime targets for attackers, security leaders are laser-focused on defending these high-profile areas. They’re right to do so, too, as cyber criminals turn to new and emerging technologies to launch and scale ever more sophisticated attacks.However, this heightened attention to emerging threats makes it easy to overlook traditional attack vectors, such as human-driven social engineering and vulnerabilities in physical security.As adversaries exploit an ever-wider range of potential entry points…

Are successful deepfake scams more common than we realize?

4 min read - Many times a day worldwide, a boss asks one of their team members to perform a task during a video call. But is the person assigning tasks actually who they say they are? Or is it a deepfake? Instead of blindly following orders, employees must now ask themselves if they are becoming a victims of fraud.Earlier this year, a finance worker found themselves talking on a video meeting with someone who looked and sounded just like their CFO. After the…

How to calculate your AI-powered cybersecurity’s ROI

4 min read - Imagine this scenario: A sophisticated, malicious phishing campaign targets a large financial institution. The attackers use emails generated by artificial intelligence (AI) that closely mimic the company's internal communications. The emails contain malicious links designed to steal employee credentials, which the attackers could use to gain access to company assets and data for unknown purposes.The organization's AI-powered cybersecurity solution, which continuously monitors network traffic and user behavior, detects several anomalies associated with the attack, blocks access to the suspicious domains…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today